Enterprise Unix Roundup: A Linux Pioneer Gets Back in the Game

Last week we took a look at SUSE and Red Hat, two long-time Linux stalwarts entering distinctly new phases. This week, another Linux veteran (a person this time) is back in the game. Former Caldera (now SCO) CEO Ransom Love has
joined the board of directors of Progeny, an Indianpolis-based Linux
company with a unique take on how to distribute Linux to enterprise customers.
Ransom Love has returned to the Linux playing field, joining Ian Murdock's Progeny. IBM revealed plans for a line of PowerPC 970-based blades, and continued press coverage further fans the SCO fires. We offer a glimpse of rsync, a backup management program that offers incremental backups over the network by copying only files that have been changed and that can be tunneled through ssh.

Love was at Caldera's helm during the company's ride on the crest of the late '90s Linux wave, and faded away quietly as his company threw in its lot with the United Linux consortium. He led Caldera's effort to bring enterprise-level polish to a Linux distribution, risked the wrath of
idealists outraged at his openly commercial interest ("The Linux community must become a Linux industry," he commented in 1999), and ultimately led Caldera to its fateful purchase of SCO.

Love's return to Linux after a period out of the game is an interesting development if only because he helped define much of the playbook that's only now being fully realized by companies that survived the bust on business models much worse than what Caldera proposed. Thus, we're inclined to think he'll do Progeny some good.

Progeny has its own deep roots in the Linux world, by the way. Its
co-founder, Ian Murdock, founded the Debian project (named for him and his wife, Deb) in 1993, and it is one of the earliest Linux distributions still around today. In 2001, the company had a brief flirtation with creating a polished, end user friendly commercial version of Debian it hoped to use to underwrite much more ambitious, high-concept projects. It ended up retreating to consulting to stay afloat. It now provides what it calls "Platform Services."

Progeny's outlook is noteworthy if only because it goes against the grain of the likes of SUSE and Red Hat, which are, if nothing else, still very much in the "distribution building" business. Where those companies put together standard products, Progeny's approach involves cherry-picking from a variety of sources in the Linux software orchard and putting together customized Linux packages held together with the company's own configuration, installation, and hardware detection software. The company's own Platform Services white paper provides more insight into its take on selling Linux to the enterprise.

Compared to the larger outfits, Progeny is a decidedly low-key company. However, with Ransom Love coming in from the cold to lend his experience, and the already deep expertise the company's engineers bring to the table, we'll be keeping an eye on its efforts.

Since we mentioned Debian, we'll note that despite its non-commercial approach and the seeming curse it has visited on attempts to repackage it and sell it commercially (three Linux companies came and went trying), it's an option anyone putting together commodity servers should consider.

In the hobbyist world, the project is frequently derided for its slow development cycle (we've seen two years pass between new releases) and pointed refusal to cater to bleeding-edge enthusiasts. But slow release cycles and cautious packaging policy make for a stable server platform that rivals commercial distributions in terms of
quality and sometimes exceeds them in terms of sheer polish.

We've been up to our elbows preparing reviews of high-end commercial distributions lately, and while we'll take nothing away from their general quality, it's only fair to point out that for organizations where in-house Unix expertise is as good as any
support contract (and we know of a few like that), Debian is worth considering.

In Other News

IBM is set to unveil a line of PowerPC 970 (aka "G5")-based
blades next year. The eServer
BladeCenter JS20 will offer dual-PPC
processors running at 1.6GHz and dual gigabit ethernet
connections. Reports indicate that the blades will initially
ship with either SUSE or Turbo Linux, with AIX support to follow
much later.

Sun will have some news next week at COMDEX, where CEO Scott
McNealy is expected to announce 2- and 4-way Opteron-based
servers running Linux and Solaris.

In the sturm und snark of the SCO/IBM case, bored press
have taken to describing what may well be a routine round of
subpoenas from SCO to such Linux/Free Software notables as Linus
Torvalds and Richard Stallman as some sort of vicious legal
assault. We aren't sure if the subpoenas represent anything
other than a reasonable request for information (although some are trying
to cast them as harassment of some sort), but we'll agree with
a comment on Slashdot: A subpoena from SCO must surely confer
serious, serious bragging rights in Linux circles.

Security Roundup

A buffer
mismanagement bug in OpenSSH has shown up in a few
older Linux distributions and a lot of Cisco Catalyst gear. With new rumors of a remote exploit in the wild, it's worth checking with your vendor for patches if you aren't already fanatical about keeping OpenSSH patched (and since it's often the
one port admins will poke through the firewall, you should be). The latest release of OpenSSH doesn't have this issue.

The popular network analysis tool Ethereal was recently
patched to fix a raft of potential problems, including one that could cause it to run arbitrary code.

Tips of the Trade

No one likes to deal with backups. We certainly don't. But one
of our favorite ways of handling that chore is a program called rsync, which has the virtue
of performing incremental backups over the network and of copying only
files that 1) have been changed (making it inexpensive in terms of bandwidth)
and 2) can be tunneled through ssh (making it a secure option in all sorts of contexts).

In its full-blown form, rsync involves a daemon with fairly thorough configuration options, but you don't need to run a daemon, provided the rsync application is present on the node to which you're performing the backup.

We've broken down a sample rsync command to give you an idea of how to get started with it:

The first part of the command, -e ssh, tells rsync to use
ssh as the transport over which rsync runs. If you don't have passwordless
key authentication with ssh (not always the best practice, depending on the context), you'll need to enter your password each time you run a sync.

The second part of the command is a set of switches that, in order:

Specify that the sync operation should recurse the target
directory

Tells rsync to skip files on the remote host that are more
recently modified than the source host

Tells rsync to compress the files it's syncing using the same
compression method that gzip uses

Tells rsync to rename files that already exist on the remote
host with a "~" suffix, providing a backup of the backup

The third part of the command, --exclude-from=/home/admin/excludes, points to a file with a list of items that shouldn't be included in the sync. The syntax of
the file is fairly simple: It takes wildcards (such as *.jpg, or *.tar.gz), or directories (such as /tmp), one per line. We include "*~" to deal with Emacs backup files, ourselves.

The fourth part of the command, /www, is the directory to be
backed up.

The fifth part of the command, backup.foo.com:backup/ is the host (on the left of the colon) and the directory (on the right of the colon) to which the sync is to be made. The directory is relative to the home directory of the user making the sync.

Available options abound beyond this fairly safe set. We recommend playing with these before hitting the man page for yourself.